CVE-2015-4167

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 05-08-2015 08:59

Last modified: - 21-09-2022 08:44

Total changes: - 2

Description

The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:M/Au:N/C:N/I:N/A:C

Low

Attack complexity

Local

Attack vector

High

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

4.7

Base score

3.4

6.9

Exploitability score

Impact score

Verification logic

Reference

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23b133bdc452aa441fcb9b82cbf6dd05cfd342d0
[oss-security] 20150602 CVE request Linux kernel: fs: udf kernel oops-
https://bugzilla.redhat.com/show_bug.cgi?id=1228204
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1
https://github.com/torvalds/linux/commit/23b133bdc452aa441fcb9b82cbf6dd05cfd342d0
1033187-
DSA-3290-
USN-2631-1-
USN-2632-1-
74963-
SUSE-SU-2015:1611-
SUSE-SU-2015:1592-
DSA-3313-
openSUSE-SU-2015:1382-
SUSE-SU-2015:1324-

Keywords

CVE-2015-4167

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2015-4167

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures